By the way, interesting fact, that vulnerable is only Windows XP.
I digged a little in WRK(Windows 2003), and figure out what's magic constant 0x1FD0 represent (taken from wrk-v1.2\base\ntos\wmi\traceapi.c):